task-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted user data (specs/plans) to generate its output.
- Ingestion points: The workflow in
SKILL.mdanalyzes user-provided spec content to generate parent and sub-tasks. - Boundary markers: There are no specific delimiters or instructions provided to the agent to ignore potentially malicious instructions embedded within the user's specs.
- Capability inventory: The skill writes to the local file system at
/tasks/tasks-[feature-name].md. - Sanitization: No evidence of sanitization or validation of the input spec content before interpolation into the task list.
- Command Execution (SAFE): The skill documentation mentions
git checkoutandnpx jest. These are presented as template text for the generated markdown task list and are not executed dynamically by the skill's internal logic.
Audit Metadata